
Check Point Exposes Hacker Selling Malware Disguised as Legitimate Tools (Remcos and GuLoader Malware)

Check Point Research has identified the individual responsible for the Remcos and GuLoader malware, which targeted the EMEA and APAC regions. This hacker distributed malware by exploiting seemingly legitimate software.

They were linked to websites called BreakingSecurity and VgoStore, where they openly sold Remcos and GuLoader, rebranded as TheProtect. Even though these tools were advertised as legitimate, they are commonly used in cyberattacks and are among the most prevalent malware.

This discovery highlights the concerning trend of cybercriminals using seemingly lawful software for malicious purposes. Remcos and GuLoader are particularly troublesome, as they are adept at evading detection.

In Check Point’s Most Wanted malware report for July 2023, Remcos climbed the ranks due to trojanized installers, landing in third place. Remcos, a Remote Access Trojan (RAT), has been observed in various campaigns, including one involving the Fruity malware downloader.

This campaign aimed to lure victims into downloading the Fruity downloader, which then installed different RATs like Remcos to steal sensitive information and conduct malicious activities on the victim’s computer.

GuLoader and Remcos have been impacting the Finance and Education sectors in 2023. GuLoader affected an average of 2.4% of organizations globally in the Finance sector, while Remcos impacted 2.8% of organizations globally in the Education sector.

The investigation by Check Point Research revealed that those selling Remcos and GuLoader were well aware that cybercriminals were using their software. This underscores the serious threat posed by dual-use software and emphasizes the need for heightened vigilance in the cybersecurity landscape.

Check Point Research has shared its findings with relevant law enforcement agencies for further investigation. Customers of Check Point Threat Emulation are protected against GuLoader and Remcos attacks, as Threat Emulation covers a wide range of attack tactics and threats. It safeguards against the types of attacks described in this report, contributing to a safer digital environment.

You can find more information about it on Check Point Research’s blog.

About Author
editorialteam